-rw-r--r-- | pcr/openswan/PKGBUILD | 43 | ||||
-rwxr-xr-x | pcr/openswan/openswan | 43 | ||||
-rwxr-xr-x | pcr/openswan/openswan.service | 13 | ||||
-rw-r--r-- | pcr/strongswan/CHANGELOG | 20 | ||||
-rw-r--r-- | pcr/strongswan/PKGBUILD | 34 |
5 files changed, 120 insertions, 33 deletions
diff --git a/pcr/openswan/PKGBUILD b/pcr/openswan/PKGBUILD index bae970025..97cea98e6 100644 --- a/pcr/openswan/PKGBUILD +++ b/pcr/openswan/PKGBUILD @@ -1,24 +1,23 @@ -# Contributor: Jan Fader <jan.fader@web.de> +# Contributor: xjpvictor Huang <ke [AT] xjpvictor [DOT] info> pkgname=openswan -pkgver=2.6.36 -pkgrel=2 +pkgver=2.6.38 +pkgrel=1 pkgdesc="Open Source implementation of IPsec for the Linux operating system" url="http://www.openswan.org" license=('GPL' 'custom') -arch=('i686' 'x86_64' 'mips64el') -depends=('iproute' 'gmp' 'perl') +arch=('i686' 'x86_64') +depends=('iproute2>=2.6.8' 'gmp' 'perl') +makedepends=('flex' 'bison') +conflicts=('ipsec-tools' 'openswan') +provides=('openswan') backup=(etc/ipsec.conf \ etc/ipsec.d/policies/{block,clear,clear-or-private,private,private-or-clear}) -source=(http://www.openswan.org/download/openswan-$pkgver.tar.gz - openswan.rc.d - compile.patch) +source=(http://download.openswan.org/openswan/openswan-$pkgver.tar.gz + openswan + openswan.service) build() { - # Create /etc/rc.d for init script, and license directory - mkdir -p $pkgdir/{etc/rc.d,usr/share/licenses/openswan} - cd $srcdir/openswan-$pkgver - patch -p1 -i $srcdir/compile.patch # Change install paths to Arch defaults sed -i 's|/usr/local|/usr|;s|libexec/ipsec|lib/openswan|' Makefile.inc 
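Review bot: The new `source=` entry fetches the tarball over plain HTTP, and the only integrity pin is the `md5sums` array updated in the next hunk, so what gets built and installed as a root-run IPsec daemon is authenticated by MD5 alone. Consider a stronger array such as `sha256sums=('<sha256 of tarball>' '<sha256 of openswan>' '<sha256 of openswan.service>')`, and, if upstream publishes a detached signature, list it in `source=` so makepkg verifies it. The strongswan PKGBUILD later in this commit has the same pattern (HTTP tarball plus `md5sums`). Separately, `conflicts=('ipsec-tools' 'openswan')` and `provides=('openswan')` name the package itself, which looks redundant.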
@@ -26,21 +25,27 @@ build() { make USE_XAUTH=true USE_OBJDIR=true programs } -package(){ +package() { cd $srcdir/openswan-$pkgver + + # Create /etc/rc.d for init script, and license directory + mkdir -p $pkgdir/{etc/rc.d,usr/share/licenses/openswan} make DESTDIR=$pkgdir install # Change permissions in /var - chmod 755 $pkgdir/var/run/pluto - + chmod 700 $pkgdir/var/run/pluto + # Copy License cp LICENSE $pkgdir/usr/share/licenses/openswan - + # Install init script - install -Dm755 ../openswan.rc.d $pkgdir/etc/rc.d/openswan + install -Dm755 ../openswan $pkgdir/etc/rc.d/openswan + install -Dm644 ../openswan.service $pkgdir/usr/lib/systemd/system/openswan.service + mkdir $pkgdir/usr/lib/systemd/scripts/ + cp $pkgdir/etc/rc.d/ipsec $pkgdir/usr/lib/systemd/scripts/ipsec # fix manpages mv $pkgdir/usr/man $pkgdir/usr/share/ } -md5sums=('b3a1733493520bb18729633b62ef8247' +md5sums=('13073eb5314b83a31be88e4117e8bbcd' '543d84162761b9cc9ec319e938c4dd2a' - '5540437bb334873da646e21ac9caa963') + 'd8b465c10838c72e31329d65011002b6')
diff --git a/pcr/openswan/openswan b/pcr/openswan/openswan
new file mode 100755
index 000000000..30bd0d56e
--- /dev/null
+++ b/pcr/openswan/openswan
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+case "$1" in
+ start)
+ stat_busy "Starting Openswan IPsec"
+ /etc/rc.d/ipsec --start
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ add_daemon openswan
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Openswan IPsec"
+ /etc/rc.d/ipsec --stop
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ rm_daemon openswan
+ fi
+ ;;
+ restart)
+ stat_busy "Restarting Openswan IPsec"
+ /etc/rc.d/ipsec --restart
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ add_daemon openswan
+ fi
+ ;;
+ status)
+ /etc/rc.d/ipsec --status
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart|status}"
+esac
+
diff --git a/pcr/openswan/openswan.service b/pcr/openswan/openswan.service
new file mode 100755
index 000000000..6d899705c
--- /dev/null
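Review bot: The helper that the new systemd unit executes is put in place with `mkdir` plus a bare `cp` near the end of package(), so its mode is whatever `make install` happened to leave on `etc/rc.d/ipsec` rather than something the PKGBUILD states. `install -Dm755 "$pkgdir/etc/rc.d/ipsec" "$pkgdir/usr/lib/systemd/scripts/ipsec"` would create the directory and pin the mode in one step, and quoting `$pkgdir` keeps the recipe safe for build paths containing spaces. Two things to confirm: the second `md5sums` entry is unchanged although the second source is now the newly added `openswan` file, and a `/var/run/pluto` directory shipped in the package may not persist where /var/run is a tmpfs, in which case the tightened `chmod 700` would have no lasting effect (inferred, not visible here).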
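Review bot: Failure is shown on screen but not reflected in the exit status of the new `openswan` init script: the `*)` usage branch ends after `echo` with status 0, and the three failure branches fall through to `esac` after `stat_fail`, whose return value comes from /etc/rc.d/functions and is not visible here. Anything that scripts VPN bring-up therefore cannot reliably tell that IPsec did not start. Suggest `stat_fail; exit 1` in the start, stop and restart failure branches and `exit 1` after the usage `echo`. As a style point, `if ! /etc/rc.d/ipsec --start; then` avoids the separate `$?` test.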
+++ b/pcr/openswan/openswan.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Openswan daemon
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/systemd/scripts/ipsec --start
+ExecStop=/usr/lib/systemd/scripts/ipsec --stop
+ExecReload=/usr/lib/systemd/scripts/ipsec --restart
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
new file mode 100644
index 000000000..a798a08c4
--- /dev/null
+++ b/pcr/strongswan/CHANGELOG
@@ -0,0 +1,20 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+ Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+ Before the fix, if the openssl plugin's ECDSA signature verification was used,
+ due to a misinterpretation of the error code returned by the OpenSSL
+ ECDSA_verify() function, an empty or zeroed signature was accepted as a
+ legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+ was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+ TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+ requests.
+
+- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index ed603e5c2..975e7a21f 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
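Review bot: `ExecReload=` in openswan.service is wired to `ipsec --restart`, so `systemctl reload openswan` would perform a full restart and presumably tear down established tunnels instead of re-reading configuration; drop the line unless the ipsec script offers a real reload action. With `Type=forking` and no `PIDFile=`, systemd has to guess the main process, which makes `Restart=always` unreliable; adding `PIDFile=<path of pluto's pid file>` would let it track the daemon. The unit is also added with mode 100755 although the PKGBUILD installs it with 644; a unit file needs no execute bit.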
@@ -7,24 +7,27 @@ # Maintainer: dkorzhevin <dkorzhevin at gmail dot com> pkgname=strongswan -pkgver=5.0.1 -pkgrel=2 +pkgver=5.0.4 +pkgrel=5 pkgdesc="open source IPsec implementation" url='http://www.strongswan.org' license=("GPL") -arch=('i686' 'x86_64' 'mips64el') -depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite3') +arch=('i686' 'x86_64') +depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite') conflicts=('openswan') options=(!libtool) backup=(etc/ipsec.conf etc/strongswan.conf) source=(http://download.strongswan.org/${pkgname}-${pkgver}.tar.bz2 strongswan.rc::https://gist.github.com/raw/3106703/96d2ce9683f1e33ef14c679880ddc298e9673508/strongswan.rc) -md5sums=('58fdeb49f133139a58f4d8adafc69a16' +changelog='CHANGELOG' +md5sums=('0ab0397b44b197febfd0f89148344035' 'cf815adef48a1ffee34517380c731277') - build() { - cd ${srcdir}/${pkgname}-${pkgver} || return 1 + cd ${srcdir}/${pkgname}-${pkgver} - ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib --with-ipsecdir=/usr/lib/strongswan \ + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --libexecdir=/usr/lib \ + --with-ipsecdir=/usr/lib/strongswan \ --enable-sqlite \ --enable-openssl --enable-curl \ --enable-sql --enable-attr-sql \ @@ -34,12 +37,15 @@ build() { --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \ --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \ --enable-ha \ - --disable-mysql --disable-ldap || return 1 + --disable-mysql --disable-ldap - make || return 1 - make DESTDIR=${pkgdir} install || return 1 + make +} - install -d ${pkgdir}/etc/rc.d || return 1 - ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec || return 1 - install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan || return 1 +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR=${pkgdir} install + install -d ${pkgdir}/etc/rc.d + ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec + install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan } |
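Review bot: Quoting is inconsistent across the split build()/package() in the strongswan PKGBUILD: the new `cd "${srcdir}/${pkgname}-${pkgver}"` in package() is quoted, but the `cd` in build() and every `${pkgdir}` use in the second hunk are not, so a build directory containing spaces breaks the install steps. Suggest quoting throughout, for example `make DESTDIR="${pkgdir}" install` and `install -Dm755 "${srcdir}/strongswan.rc" "${pkgdir}/etc/rc.d/strongswan"`. Dropping `|| return 1` relies on makepkg aborting on the first failed command, which is worth confirming for the makepkg version this repository targets.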